diff --git a/src/bin/proxmox-restore-daemon.rs b/src/bin/proxmox-restore-daemon.rs
index 5456bd23..50f58d78 100644
--- a/src/bin/proxmox-restore-daemon.rs
+++ b/src/bin/proxmox-restore-daemon.rs
@@ -18,6 +18,9 @@ use pbs_client::DEFAULT_VSOCK_PORT;
 use proxmox::api::RpcEnvironmentType;
 use proxmox_backup::server::{rest::*, ApiConfig};
 
+use std::fs::File;
+use std::io::prelude::*;
+
 mod proxmox_restore_daemon;
 use proxmox_restore_daemon::*;
 
@@ -70,6 +73,18 @@ fn setup_system_env() -> Result<(), Error> {
     // we do not care much, but it's way less headache to just create it
     std::fs::create_dir_all("/run/proxmox-backup")?;
 
+    // we now ensure that all lock files are owned by the backup user, and as we reuse the
+    // specialized REST module from pbs api/daemon we have some checks there for user/acl stuff
+    // that gets locked, and thus needs the backup system user to work.
+    std::fs::create_dir_all("/etc")?;
+    let mut passwd = File::create("/etc/passwd")?;
+    writeln!(passwd, "root:x:0:0:root:/root:/bin/sh")?;
+    writeln!(passwd, "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin")?;
+
+    let mut group = File::create("/etc/group")?;
+    writeln!(group, "root:x:0:")?;
+    writeln!(group, "backup:x:34:")?;
+
     Ok(())
 }